Zope AccessControl Security Fix: Anonymous Users Can Delete User Data
CVE-2024-51734
8.7HIGH
What is CVE-2024-51734?
A security flaw in Zope AccessControl allows anonymous users to delete critical user data managed by the UserFolder. This can disrupt privileged access and compromise user security. The issue has been resolved in version 7.2. To mitigate the risk, users unable to upgrade should modify their UserFolder by adding 'data__roles__ = ()'. It is essential for users to take action promptly to protect their data.
Affected Version(s)
AccessControl Zope AccessControl: < 7.2 < Zope AccessControl: 7.2
AccessControl Zope bundle: < 5.11.1 < Zope bundle: 5.11.1
